The U.S. Department of the Treasury announced actions to disrupt Russian cybercrime services as part of an international effort. The Financial Crimes Enforcement Network (FinCEN) issued an order identifying PM2BTC, a Russian virtual currency exchanger linked to Sergey Sergeevich Ivanov, as a “primary money laundering concern” connected to illicit finance in Russia. Concurrently, the Office of Foreign Assets Control (OFAC) sanctioned Ivanov and Cryptex, a virtual currency exchange operating in Russia.

Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith stated, "The United States and our international partners remain resolute in our commitment to prevent cybercrime facilitators like PM2BTC and Cryptex from operating with impunity." He added that the Treasury would continue using all tools to disrupt networks leveraging virtual assets for illicit activities.

These actions aim to protect U.S. national security by cutting off illicit financial institutions from the U.S. market. They reflect how Treasury leverages international cooperation and available tools against ransomware threats and Russian illicit financial activity.

Other U.S. agencies and foreign law enforcement partners are also taking related actions. The U.S. Secret Service’s Cyber Investigative Section, Netherlands Police, and Dutch Fiscal Intelligence and Investigation Service seized web domains associated with PM2BTC, UAPS, and Cryptex. The U.S. Department of State offered up to $10 million for information leading to Ivanov's arrest or conviction through its Transnational Organized Crime Rewards Program.

FinCEN’s order on PM2BTC is effective immediately under section 9714(a) of the Combating Russian Money Laundering Act. It prohibits certain fund transmittals involving PM2BTC by covered financial institutions due to its facilitation of laundering convertible virtual currency linked to ransomware and other illicit actors in Russia.

Cryptex has received over $51.2 million from ransomware attacks and is associated with over $720 million in transactions tied to Russia-based cybercriminals, including OFAC-designated Garantex exchange services lacking proper anti-money laundering programs.

Ivanov has allegedly laundered hundreds of millions in virtual currency for various criminal actors over approximately 20 years using payment processing services such as “UAPS.” OFAC designated him under Executive Order 14024 for his operations within Russia's financial sector.

OFAC’s designations follow recent Treasury actions against Russia-based cyber criminals, including members of Cyber Army of Russia Reborn, Dmitry Khoroshev (LockBitSupp), Ivan Kondratiev, and Artur Sungatov—highlighting ongoing safe harbor provided by Russia for such actors.

As a result of OFAC's action today, all property or interests belonging to designated individuals or entities within the United States are blocked and must be reported to OFAC unless authorized by specific licenses or exemptions.

Financial institutions engaging with sanctioned entities risk sanctions themselves unless they comply with updated OFAC advisories targeting support for Russia’s military-industrial base.

OFAC emphasized that sanctions aim not just at punishment but encouraging positive behavioral changes among targeted individuals or entities.

 

For questions regarding FinCEN’s order contact FinCEN Resource Center at 1-800-767-2825 or frc@fincen.gov.

 

###